Cisco Cisco TelePresence Video Communication Server Expressway
The VCS Expressway should be configured with a default gateway of 10.0.10.1. Whether or not static routes
are needed in this scenario depends on the capabilities and settings of FW A and FW B. VCS Control to VCS
Expressway communications will be to the 64.100.0.10 address of the VCS Expressway; the return traffic
from the VCS Expressway to VCS Control might have to go via the default gateway. If a static route is added
to the VCS Expressway so that reply traffic goes from the VCS Expressway and directly through FW B to
the 10.0.30.0/24 subnet, this will mean that asymmetric routing will occur and this may or may not work,
depending on the firewall capabilities.
are needed in this scenario depends on the capabilities and settings of FW A and FW B. VCS Control to VCS
Expressway communications will be to the 64.100.0.10 address of the VCS Expressway; the return traffic
from the VCS Expressway to VCS Control might have to go via the default gateway. If a static route is added
to the VCS Expressway so that reply traffic goes from the VCS Expressway and directly through FW B to
the 10.0.30.0/24 subnet, this will mean that asymmetric routing will occur and this may or may not work,
depending on the firewall capabilities.
The VCS Expressway can be added to Cisco TMS with the IP address 10.0.10.3 (or with IP address
64.100.0.10 if FW A allows this), since Cisco TMS management communications are not affected by static
NAT mode settings on the VCS Expressway.
64.100.0.10 if FW A allows this), since Cisco TMS management communications are not affected by static
NAT mode settings on the VCS Expressway.
3-port firewall DMZ using single VCS Expressway LAN interface
In this deployment, a 3-port firewall is used to create
n
a DMZ subnet (10.0.10.0/24), containing:
l
the DMZ interface of firewall A - 10.0.10.1
l
the LAN1 interface of the VCS Expressway - 10.0.10.2
n
a LAN subnet (10.0.30.0/24), containing
l
the LAN interface of firewall A - 10.0.30.1
l
the LAN1 interface of the VCS Control – 10.0.30.2
l
the network interface of Cisco TMS – 10.0.30.3
A static 1:1 NAT has been configured on firewall A, NATing the public address 64.100.0.10 to the LAN1
address of the VCS Expressway. Static NAT mode has been enabled for LAN1 on the VCS Expressway,
with a static NAT address of 64.100.0.10.
address of the VCS Expressway. Static NAT mode has been enabled for LAN1 on the VCS Expressway,
with a static NAT address of 64.100.0.10.
TheVCS Expressway should be configured with a default gateway of 10.0.10.1. Since this gateway must be
used for all traffic leaving the VCS Expressway, no static routes are needed in this type of deployment.
used for all traffic leaving the VCS Expressway, no static routes are needed in this type of deployment.
The traversal client zone on the VCS Control needs to be configured with a peer address which matches the
static NAT address of the VCS Expressway, in this case 64.100.0.10, for the same reasons as those
described in the previous example deployment, "Single subnet DMZ using single VCS Expressway LAN
interface".
static NAT address of the VCS Expressway, in this case 64.100.0.10, for the same reasons as those
described in the previous example deployment, "Single subnet DMZ using single VCS Expressway LAN
interface".
This means that firewall A must allow traffic from the VCS Control with a destination address of
64.100.0.10. This is also known as NAT reflection, and it should be noted that this is not supported
by all types of firewalls.
64.100.0.10. This is also known as NAT reflection, and it should be noted that this is not supported
by all types of firewalls.
The VCS Expressway can be added to Cisco TMS with the IP address 10.0.10.2 (or with IP address
64.100.0.10 if FW A allows this), since Cisco TMS management communications are not affected by static
NAT mode settings on the VCS Expressway.
64.100.0.10 if FW A allows this), since Cisco TMS management communications are not affected by static
NAT mode settings on the VCS Expressway.
Cisco VCS Basic Configuration (Control with Expressway) Deployment Guide
Page 62 of 65
Appendix 4: Advanced network deployments